OAuthAuthorizationServerOptions Class

Options class that provides the information needed to control Authorization Server middleware behavior.

Inheritance Hierarchy

System.Object
  Microsoft.Owin.Security.AuthenticationOptions
    Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions

Namespace:  Microsoft.Owin.Security.OAuth
Assembly:  Microsoft.Owin.Security.OAuth (in Microsoft.Owin.Security.OAuth.dll)

Syntax

Visual Basic
'Declaration
Public Class OAuthAuthorizationServerOptions _
    Inherits AuthenticationOptions
'Usage
Dim instance As OAuthAuthorizationServerOptions

C#
public class OAuthAuthorizationServerOptions : AuthenticationOptions

C++
public ref class OAuthAuthorizationServerOptions : public AuthenticationOptions

F#
type OAuthAuthorizationServerOptions =  
    class 
        inherit AuthenticationOptions 
    end

JScript
public class OAuthAuthorizationServerOptions extends AuthenticationOptions

The OAuthAuthorizationServerOptions type exposes the following members.

Constructors

  Name Description
Public method OAuthAuthorizationServerOptions Creates an instance of authorization server options with default values.

Properties

  Name Description
Public property AccessTokenExpireTimeSpan The period of time the access token remains valid after being issued. The default is twenty minutes. The client application is expected to refresh or acquire a new access token after the token has expired.
Public property AccessTokenFormat The data format used to protect the information contained in the access token. If not provided by the application the default data protection provider depends on the host server. The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted servers will use DPAPI data protection. If a different access token provider or format is assigned, a compatible instance must be assigned to the OAuthBearerAuthenticationOptions.AccessTokenProvider or OAuthBearerAuthenticationOptions.AccessTokenFormat property of the resource server.
Public property AccessTokenProvider Produces a bearer token that the client application will typically provide to the resource server as the Authorization bearer HTTP request header. If not provided, the token is produced using the server's default data protection. If a different access token provider or format is assigned, a compatible instance must be assigned to the OAuthBearerAuthenticationOptions.AccessTokenProvider or OAuthBearerAuthenticationOptions.AccessTokenFormat property of the resource server.
Public property AllowInsecureHttp True to allow authorize and token requests to arrive on http URI addresses, and to allow incoming redirect_uri authorize request parameter to have http URI addresses.
Public property ApplicationCanDisplayErrors Set to true if the web application is able to render error messages on the /Authorize endpoint. This is only needed for cases where the browser is not redirected back to the client application, for example, when the client_id or redirect_uri are incorrect. The /Authorize endpoint should expect to see "oauth.Error", "oauth.ErrorDescription", "oauth.ErrorUri" properties added to the owin environment.
Public property AuthenticationMode If Active, the authentication middleware alters the request user coming in and alters 401 Unauthorized responses going out. If Passive, the authentication middleware will only provide identity and alter responses when explicitly indicated by the AuthenticationType. (Inherited from AuthenticationOptions.)
Public property AuthenticationType The AuthenticationType in the options corresponds to the IIdentity AuthenticationType property. A different value may be assigned in order to use the same authentication middleware type more than once in a pipeline. (Inherited from AuthenticationOptions.)
Public property AuthorizationCodeExpireTimeSpan The period of time the authorization code remains valid after being issued. The default is five minutes. This time span must also take into account clock synchronization between servers in a web farm, so a very brief value could result in unexpectedly expired tokens.
Public property AuthorizationCodeFormat The data format used to protect and unprotect the information contained in the authorization code. If not provided by the application the default data protection provider depends on the host server. The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted servers will use DPAPI data protection.
Public property AuthorizationCodeProvider Produces a single-use authorization code to return to the client application. For the OAuth server to be secure the application MUST provide an instance for AuthorizationCodeProvider where the token produced by the OnCreate or OnCreateAsync event is considered valid for only one call to OnReceive or OnReceiveAsync.
Public property AuthorizeEndpointPath The request path where client applications will redirect the user-agent in order to obtain user consent to issue a token. Must begin with a leading slash, like "/Authorize".
Public property Description Additional information about the authentication type which is made available to the application. (Inherited from AuthenticationOptions.)
Public property Provider The object provided by the application to process events raised by the Authorization Server middleware. The application may implement the interface fully, or it may create an instance of OAuthAuthorizationServerProvider and assign delegates only to the events it wants to process.
Public property RefreshTokenFormat The data format used to protect and unprotect the information contained in the refresh token. If not provided by the application the default data protection provider depends on the host server. The SystemWeb host on IIS will use ASP.NET machine key data protection, and HttpListener and other self-hosted servers will use DPAPI data protection.
Public property RefreshTokenProvider Produces a refresh token which may be used to produce a new access token when needed. If not provided the authorization server will not return refresh tokens from the /Token endpoint.
Public property SystemClock Used to know what the current clock time is when calculating or validating token expiration. When not assigned, the default is based on DateTimeOffset.UtcNow. This is typically needed only for unit testing.
Public property TokenEndpointPath The request path client applications communicate with directly as part of the OAuth protocol. Must begin with a leading slash, like "/Token". If the client is issued a client_secret, it must be provided to this endpoint.
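
The following C# sketch is an added example, not code from this reference page or from the Katana project. It shows the options wired up with HTTPS-only endpoints and an AuthorizationCodeProvider that honors the single-use requirement stated above. The Startup class, the in-memory Codes store and the CreateCode/ReceiveCode helpers are hypothetical names; it assumes a single server process, and codes that are never redeemed are not evicted from the store.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using Microsoft.Owin;
using Microsoft.Owin.Security.Infrastructure;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class Startup
{
    // Assumption: one server process. A web farm needs a shared store
    // that supports an atomic "fetch and delete" operation.
    private static readonly ConcurrentDictionary<string, string> Codes =
        new ConcurrentDictionary<string, string>(StringComparer.Ordinal);

    public void Configuration(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            AuthorizeEndpointPath = new PathString("/Authorize"),
            TokenEndpointPath = new PathString("/Token"),
            AllowInsecureHttp = false,                             // reject http:// endpoints and redirect_uri
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(20),  // documented default
            AuthorizationCodeExpireTimeSpan = TimeSpan.FromMinutes(5),
            Provider = new OAuthAuthorizationServerProvider(),     // assign client/redirect validation delegates here
            AuthorizationCodeProvider = new AuthenticationTokenProvider
            {
                OnCreate = CreateCode,
                OnReceive = ReceiveCode
            }
        });
    }

    private static void CreateCode(AuthenticationTokenCreateContext context)
    {
        // Opaque random handle; the protected ticket never leaves the server.
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(bytes); }
        string code = BitConverter.ToString(bytes).Replace("-", "");
        Codes[code] = context.SerializeTicket();
        context.SetToken(code);
    }

    private static void ReceiveCode(AuthenticationTokenReceiveContext context)
    {
        // TryRemove is atomic: a replayed code finds nothing, no ticket is
        // set on the context, and the middleware rejects the request.
        string ticket;
        if (Codes.TryRemove(context.Token, out ticket))
        {
            context.DeserializeTicket(ticket);
        }
    }
}
```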

Methods

  Name Description
Public method Equals (Inherited from Object.)
Protected method Finalize (Inherited from Object.)
Public method GetHashCode (Inherited from Object.)
Public method GetType (Inherited from Object.)
Protected method MemberwiseClone (Inherited from Object.)
Public method ToString (Inherited from Object.)

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

See Also

Reference

Microsoft.Owin.Security.OAuth Namespace